<?php
/* explain:		user login
 * Project:     aitony
 * File:        login.php
 *
 * @ link 		http://www.../admin/
 * @ Email		ldmmyx@hotmail.com
 * @ copyright 	2005  Ling Deming
 * @ author 	Ivan.ling
 * @ version 1.0
 */

/*----- import modules -----*/
//include_once ("../configure/configure.php");		//-- global var
include_once ("./configure/admin.config.inc.php");	//-- local var
include_once("Smarty.class.php");					//-- out template
include_once("impl/UserImpl.php");
include_once ("impl/SessionImpl.php");				//-- Session
include_once ("impl/LoginLogImpl.php");							//-- logs
include_once("impl/UserGroupImpl.php");

/*----- instance -----*/
$userImpl		= new UserImpl(DB_TAG_SYSTEM);					//-- user
$userGImpl		= new UserGroupImpl(DB_TAG_SYSTEM);					//-- user

$sessionImpl	= new SessionImpl(DB_TAG_SYSTEM);				//-- session
$loginLogImpl	= new LoginLogImpl(DB_TAG_SYSTEM);					//-- logs

if($sessionImpl->getLanguage() == "zh-CN"){
	include_once("zh-CN.inc.php");	//--> zh_CN
}else{
	include_once("en-US.inc.php");	//--> us_EN
}

if(isset($_POST['email'])){
	$email 		= $_POST['email'];
	$password 	= $_POST['password'];
	
	$oUser = $userImpl->getByEmail($email);

	if(empty($email))
		$error_message = "Email is required.";	//-- email
	else if(empty($password))
		$error_message = "Password is required";
	else if($oUser == null)
		$error_message = $email." not existed.";
	else if($oUser->getStatus() != 'normal') {//-- check use status
		switch($oUser->getStatus()){
			case 'stop' :  $error_message = $email." be stoped.";	break;
			default  : 	$error_message = $email."  was invalid.";	break;
		}
	}else if(!$userGImpl->getById($oUser->getGroupId())->isAdmin()) {//-- is admin
		$error_message = "is not admin user.";
	}else {
		$oBlockLog = $loginLogImpl->getLoginBlockLog($oUser->getId());
		if(is_object($oBlockLog)){
			$pastTime = time() - strtotime($oBlockLog->getLoginTime());
			
			if($oBlockLog->getAction() == LoginLogImpl::STATUS_PAUSE){
				if($pastTime > TIME_SPACE){
					// clear old block data
					$oBlockLog->setLoginTime(date("Y-m-d H:i:s"));
					$oBlockLog->setLoginCount(0);
					$oBlockLog->setAction(LoginLogImpl::STATUS_NORMAL);
							
					$loginLogImpl->addLoginBlockLog($oBlockLog);					
				}else{
					$error_message = $email." be paused.";
				}		
			}else if($oBlockLog->getAction() == LoginLogImpl::STATUS_BLACK){
				$error_message = $email." be block.";
			}
			
		}else{
			$oBlockLog = new LoginBlockLogDomain();
			$oBlockLog->setUserId($oUser->getId());
			$oBlockLog->setLoginTime(date("Y-m-d H:i:s"));
			$oBlockLog->setLoginCount(1);
			$oBlockLog->setIp($_SERVER['REMOTE_ADDR']);
			$oBlockLog->setAction(LoginLogImpl::STATUS_NORMAL);
			
			$loginLogImpl->addLoginBlockLog($oBlockLog);
		}
		
		if(empty($error_message)){
			if($oUser->getPassword() != md5($password . PopedomUtils::SYSTEM_SAFE_KEY)){
				$loginCount = $oBlockLog->getLoginCount();
				
				if($loginCount >= LOGIN_LIMIT_COUNT){
					$error_message = $email." try to login more times with error password. System will pause this email for 1 hour.";
				
					$oBlockLog->setLoginTime(date("Y-m-d H:i:s"));
					$oBlockLog->setAction(LoginLogImpl::STATU_PAUSE);
							
					$loginLogImpl->addLoginBlockLog($oBlockLog);
				}else{
					$oBlockLog->setLoginTime(date("Y-m-d H:i:s"));
					$oBlockLog->setAction(LoginLogImpl::STATUS_NORMAL);
					$loginLogImpl->addLoginBlockLog($oBlockLog);
					
					if($loginCount < 3)
						$error_message = 'The password was invalid.';	//
					else
						$error_message = $email." use error password to login $loginCount times. You has ".(LOGIN_LIMIT_COUNT - $loginCount)." times to try to login.";		//--
				}				
			}
		}else if(!$userImpl->checkUserSafe($oUser->getId())){	//--
			$error_message = $email." was not passed security authentication.";	//--
		}
	}
	
	if(empty($error_message)){	//-- successfully login. write session
		/*--- session share data ---*/
		$arrUser 			= array();
		$arrUser['gid']		= $oUser->getGroupId();		//--> add user groupid to session
		$arrUser['uname']	= $oUser->getEmail();		//--> add login name to session
		$arrUser['lan']		= DEFAULT_LAN;				//--> add default language to session
		$userId				= $oUser->getId();
		
		if(!$sessionImpl->isExisted()){
			if($sessionImpl->start($userId)){				
				$ologinLog = new LoginLogDomain();
				$ologinLog->setUserId($userId);
				$ologinLog->setLoginTime(date("Y-m-d H:i:s"));
				$ologinLog->setLogoutTime(date("Y-m-d H:i:s"));
				$ologinLog->setIp($_SERVER['REMOTE_ADDR']);
				
				$loginOId = $loginLogImpl->addLoginLog($ologinLog);//----- login log
				
				$arrUser['login_id'] = $loginOId;	//--- add login ID to session				
				$sessionImpl->add($arrUser);//--- add share data to session				
				
				header("Location: ./index.php");
			}else
				echo "<script>javascript:alert(\"Login set failure. Please try to login again after that you reduse browser's security level. Any problems, Please contact administrater.\");window.location='./login.php';</script>";
		}else{
			header("Location: ./index.php");
		}
		exit();
	}else
		echo "<script>javascript:alert('$error_message');window.location='./login.php';</script>";
}

/*----- out html -----*/
$smarty = new Smarty();	//-- out template
$smarty->template_dir = TEMPLATE_SYS_DIR;
$smarty->compile_dir  = COMPILE_SYS_DIR;


$smarty->display('login.htm');
?>
